Zero trust, deception & disruption, change management

Question 1

Zero trust

Answer 1

You have to authenticate or prove yourself each time you want to gain access.

Question 2

How can we start implementing zero trust?

Answer 2

Take our security devices & break them into smaller components.

Question 3

Data plane

Answer 3

Part of device that processes frames, packets, network data.
Ex: switch, router firewall

Question 4

Control plane

Answer 4

Manages actions occurring in the data plane, Configuring policies & rules.
Ex: routing tables, firewall rule, NAT tables

Question 5

How do we control trust?

Answer 5

1. Adaptive Identity
2. Threat scope reduction
3. Policy-driven access control

Question 6

Adaptive identity

Answer 6

We want to look at the source of the requested resources.
Ex: physical location, IP address, relationship to org.

Question 7

Threat scope reduction

Answer 7

decrease the # of possible entry points to get into the network

Question 8

Policy-driven access control

Answer 8

Combines all the individual data points (adaptive identity) then decides what type of authentication to use

Question 9

Another way to qualify identity of a person is through-

Answer 9

Security Zones, look at where they’re coming from and where they’re going.
**set rules on what zone has access to other zones

Question 10

Policy enforcement point (gatekeeper)

Answer 10

§ Gathers all info about traffic, then provides it to PDP.
All of traffic that’s traversing through network must pass through PEP.

Question 11

Policy decision point

Answer 11

responsible for examining the authentication

Question 12

Policy engine

Answer 12

Evaluates each access decision based on policy.
Grant, deny, or revoke.

Question 13

Policy administrator

Answer 13

○ Takes that decision and communicates w/ PEP
○ Generates access tokens or credentials
○ Tells the PEP to allow or disallow access

Question 14

Honeypot

Answer 14

Attract attackers to system, & keep them involved to trap them there.
Creates a virtual world to explore.

Question 15

Honeynets

Answer 15

A large deception network w. one or more honeypots.
Ex: servers, workstations, routers, switches

Question 16

Honeyfiles

Answer 16

bait for the honeynet
Add many honey files to file shares

Question 17

Honeytokens

Answer 17

track malicious data, add traceable data

Question 18

Change approval process includes-

Answer 18

1. Complete the request forms
2. Determining the purpose of the change
3. Identify the scope of the change (single system or multiple systems)
4. Schedule a date and time of the change
5. Determine affected systems & impact
6. Analyze the risk associated w/ change

Question 19

Impact analysis

Answer 19

Recognizing the risk that is involved in a particular change

Question 20

What are the risk of not making a change?

Answer 20

1. Security vulnerability
2. Application unavailability
3. Unexpected downtime

Question 21

Sandbox testing environment

Answer 21

Perform as many tests as you’d like and have no effect on your production system

Question 22

Backout plan

Answer 22

strategy for reverting back to your previous system state
**Always have backups

Question 23

Maintenance window

Answer 23

Scheduled periods of time when system updates, backups, and tests are performed on applications.
**overnight best choice

Question 24

Standard operating procedure

Answer 24

Step-by-step instructions to help workers carry out routine operations.
**process must be documented

Question 25

Living document

Answer 25

policy, plan or framework that is continuously updated and revised to reflect the changing cyber landscape.

Question 26

A change approval is-

Answer 26

1. Timely
2. Scope of change is important
3. Specific

Question 27

Legacy applications

Answer 27

Applications that were here before you arrived.
No longer supported by developer

Question 28

Dependencies

Answer 28

Connections between assets where the state of one relies to the other.
A service will not start w/o other active services.

Question 29

Version control

Answer 29

A software system that tracks changes to a file or configuration data over time.